{
  "threat_severity" : "Low",
  "public_date" : "2014-11-20T00:00:00Z",
  "bugzilla" : {
    "description" : "glibc: denial of service in getnetbyname function",
    "id" : "1175369",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1175369"
  },
  "cvss" : {
    "cvss_base_score" : "1.2",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-835",
  "details" : [ "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process." ],
  "statement" : "A non-standard system configuration (\"networks: file dns\" in /etc/nsswitch.conf) and possibly a DNS spoofing attack is required to exploit this flaw.\nRed Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-04-10T00:00:00Z",
    "advisory" : "RHSA-2018:0805",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "glibc-0:2.17-222.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-9402\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9402" ],
  "name" : "CVE-2014-9402",
  "csaw" : false
}